Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Issue with port forwarding https/webmail

    Scheduled Pinned Locked Moved
    2.0-RC Snapshot Feedback and Problems - RETIRED
    3
    4
    7.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kkm
      last edited by

      Hi!

      I'm new to this forum, so I hope this is the right place for the post.

      We have a firewall running pfsense 2.0 RC2.  We have an email server running Mac Lion 10.7 that has webmail set up on it using a self-signed SSL certificate.  Internally, webmail connections work using https on port 443.  No other ports are needed internally for webmail to work.  Externally (outside of the firewall), web browsers will not connect to the webmail unless port 143 (unencrypted IMAP) is also port forwarded to the webmail server.  It seems like the firewall is un-encrypting the ssl as it passes through

      Here is the rule that we have for webmail:

      Dest. Addr      Dest. ports    Nat IP      Nat Ports
      *                  25000            server      443

      We are using port 25000 as the destination port since we have other https connections on the standard ports already going to other servers.  Also, we are connecting directly to the firewall external interface with https://firewall-ip-address:25000/webmail to access the server.

      Is there another setting that we should be using to allow port forwarding for SSL connections?  I will be happy to supply anything else needed for troubleshooting.  Thanks!

      1 Reply Last reply Reply Quote 0
      • T
        toomeek
        last edited by

        I don't understand what do U mean.
        I have SSL NATed already - Webmin, HTTPS, SSH, all works fine..
        Just add an entry in DNS Forwarder?
        Then host will be reachable in LAN like over WAN dns entry, but using internal IP.

        pfSense_ports.png
        pfSense_ports.png_thumb
        pfsense_dnsforwarder.png
        pfsense_dnsforwarder.png_thumb

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          The firewall can't unencrypt traffic. Nothing in a web browser will require IMAP being open, though I'm not familiar with how that particular webmail functions. What you're doing there is generally fine.

          1 Reply Last reply Reply Quote 0
          • K
            kkm
            last edited by

            Hi!  Thanks for the replies.  We actually have DNS set up internally and have external DNS servers configured as well.

            That is good to know that the firewall won't be un-encrypting SSL traffic.

            Thanks!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post